Monday, September 20, 2010

Legal Ethics and Metadata

As Wikipedia explains, every U.S. state has an ethical code that binds lawyers to certain standards of professional conduct.

As Wikipedia also explains, there are currently two different, though similar codes, in use in this country:the Model Rules of Professional Conduct and the Model Code of Professional Responsibility.You can read a bit about them on Wikipedia, which also notes that California and Maine don’t follow either – they have their own, respective, sets of ethical rules.This post, as the title indicates, deals with lawyer ethics and metadata.

According to one article, bar authorities have issued “14 ethics opinions” on the ethical questions lawyers confront in dealing with metadata.Donald R. Lundberg, A Five-Year Retrospective, Res Gestae 15 (July/August 2010).I’m not going to attempt to analyze 14 ethics opinions in a blog post . . . I couldn’t do it and you don’t want me to.

But there are some interesting issues here, so I thought I’d do a post on a recent opinion from the North Carolina State Bar:Review and Use of Metadata, 2009 NC Eth. Op. 1 (2010).

This was not an opinion that issued at the request of a lawyer.Instead, the State Bar association issued it sua sponte, i.e., on its own.The State Bar authorities first explained why this thought this step was warranted:

[L]awyers routinely send emails and electronic documents . . . presentations to a lawyer for another party (or to the party if not represented by counsel). The email and the electronic documents contain metadata or embedded information about the document describing the document's history, tracking and managementsuch as the date and time [it] was created, the computer on which [it] was created, the last date and time [it] was saved, `redlined’ changes identifying what was changed or deleted in the document, and comments included . . . during the editing process. Pennsylvania Bar Ass'n. Comm. on Legal Ethics and Professional Responsibility . . . notes that . . . metadata . . . may contain `privileged and/or confidential information, . . . which may provide information about . . . legal issues, legal theories, and other information that was not intended to be disclosed to opposing counsel.’ . . . The sender . . . may be unaware there is metadata embedded in the document or mistakenly believe the metadata was deleted from the document prior to transmission.

Review and Use of Metadata, supra.The opinion addresses two questions, the first of which is “[w]hat is the ethical duty of a lawyer who sends an electronic communication to prevent the disclosure of a client's confidential information found in metadata?”The State Bar began its analysis of this issue by noting that

Rule 1.6(a) of the Rules of Professional Conduct prohibits a lawyer from revealing information relating to the representation of a client unless the client gives informed consent, the disclosure is impliedly authorized to carry out the representation, or disclosure is permitted by one of the exceptions to the duty of confidentiality set forth in paragraph (b) of the rule. As noted in comment [20] to the rule, `[w]hen transmitting a communication that includes information acquired during the representation of a client, the lawyer must take reasonable precautions to prevent the information from coming into the hands of unintended recipients.’

Review and Use of Metadata, supra. In an earlier opinion, the State Bar had found that this obligation extends to the use of electronic communications and documents but did not require “`that a lawyer use only infallibly secure methods of communication,’” only that a lawyer “`take steps to minimize the risks that confidential information” might be disclosed in electronic communications and data. Review and Use of Metadata, supra.

The State Bar then noted that lawyers have “several options” they can use to reduce the risk of inadvertently revealing confidential information:

Lawyers should exercise care in using software features that track changes, record notes, allow `fast saves,’ or save different versions, as these features increase the amount of metadata in a document. Metadata `scrubber’ applications remove embedded information from an electronic document and may be used to remove metadata before sending an electronic document to opposing counsel. Finally, lawyers may opt to use an electronic document type that does not contain as much metadata, such as the portable document format (PDF), or may opt to use a hard copy or fax. . . .

Review and Use of Metadata, supra.The State Bar’s final comments on this issue were that “[w]hat is reasonable depends on the circumstances,” including “the sensitivity of the . . . information that may be disclosed, the potential adverse consequences from disclosure, any special instructions or expectations of a client, and the steps the lawyer takes to prevent the disclosure of metadata.”Review and Use of Metadata, supra.

The second question the opinion addresses was “[m]ay a lawyer who receives an electronic communication from another party or the party's lawyer search for and use confidential information embedded in the metadata of the communication without the consent of the other party or lawyer?” Review and Use of Metadata, supra. The State Bar first explained that such conduct is forbidden under Rule 1.6 of the North Carolina Rules of Professional Conduct:

No, a lawyer may not search for confidential information embedded in metadata of an electronic communication from another party or a lawyer for another party. By actively searching for such information, a lawyer interferes with the client-lawyer relationship of another lawyer and undermines the confidentiality that is the bedrock of the relationship. . . . [I]f a lawyer unintentionally views confidential information within metadata, the lawyer must notify the sender and may not subsequently use the information revealed without the consent of the other lawyer or party.

Review and Use of Metadata, supra.It noted that the state bars of Alabama, Arizona, Florida, Maine and New York have all reached this same conclusion. Review and Use of Metadata, supra.

(According to a law review article, the New Hampshire state bar has also taken this view.Andrew M. Perlman, The Legal Ethics of Metadata Mining, 43 Akron Law Review 786 (2010).) The State Bar pointed out, however, that in Formal Opinion 06-442 (2006), the American Bar Association Standing Committee on Ethics and Professional Responsibility took the position that applicable ethical rules “do not prohibit a lawyer from reviewing and using metadata, a position also adopted by the state bars of Colorado, Maryland and Pennsylvania. Review and Use of Metadata, supra. (According to the law review article cited above, Vermont also takes this position. The Legal Ethics of Metadata Mining, supra.)

The North Carolina State Bar then reiterated its position that a lawyer

may not ethically search for confidential information embedded within an electronic communication from another party or the lawyer for another party. To do so would undermine the protection afforded to confidential information by Rule 1.6 and would interfere with the client-lawyer relationship of another lawyer in violation of Rule 8.4(d), which prohibits conduct that is `prejudicial to the administration of justice.’

Review and Use of Metadata, supra.The State Bar recognized that a lawyer might “unintentionally find confidential information upon viewing the contents of an electronic communication.” Review and Use of Metadata, supra.It explained that if this happens, the lawyer “must notify the sender and may not subsequently use the information revealed without the consent of the other lawyer or party.” Review and Use of Metadata, supra.It explained that Rule 4.4(b) of the North Carolina Rules of Professional Conduct

requires a lawyer who receives a writing relating to the representation of a client that the lawyer knows, or reasonably should know, was inadvertently sent, to promptly notify the sender. Receiving confidential information embedded in the metadata of an electronic communication is analogous to receiving . . . a faxed pleading that inadvertently includes a page of notes from opposing counsel. Although the receiving lawyer did not seek out the confidential information, the receiving lawyer . . . has a duty to `promptly notify the sender’ under Rule 4.4(b) if the receiving lawyer `knows or reasonably should know that the writing was inadvertently sent.’ Although the technology involved is different, the Ethics Committee believes that a lawyer who can recognize confidential information inadvertently included in a fax can also recognize confidential information inadvertently included in an electronic document.

Review and Use of Metadata, supra.

To put this opinion in context, perhaps, the article I cited earlier says there are

14 ethics opinions on the topic out there. They all agree that the sending lawyer has a duty to scrub documents for metadata that might reveal client confidences. They are all over the map on whether it is improper to go looking for metadata in digital communications from opposing counsel.

A Five-Year Retrospective, supra.The law review article cited above says that the District of Columbia, Pennsylvania and West Virginia bar associations have taken the position that metadata mining “should be permissible, at least in some circumstances”, so they’re in the middle. The Legal Ethics of Metadata Mining, supra.

Personally, I tend to agree with the author of the first article cited earlier:He said that in an article he published three years ago he argued that metadata mining was unethical but is now rethinking his position:

I find it to be personally offensive. However, this is one of those fascinating topics where legal ethics is trailing technology. With the risks presented by metadata more widely known, there will be increasingly little sympathy for the lawyer who lets client confidences out of the bag through metadata and decreasing condemnation of lawyers who look for it.